
OpenBSD OpenSSH vulnerabilities

125 known vulnerabilities affecting openbsd/openssh.

Total CVEs: 125
CISA KEV: 0
Public exploits: 24
Exploited in wild: 10
Severity breakdown: CRITICAL 12, HIGH 46, MEDIUM 54, LOW 13

Vulnerabilities

Page 5 of 7
CVE-2004-2760 | P4 | MEDIUM | CVSS 6.8 | v3.5, v3.5p1 | 2004-12-31
CVE-2004-2760 [MEDIUM]: sshd in OpenSSH 3.5p1, when PermitRootLogin is disabled, immediately closes the TCP connection after a root login attempt with the correct password, but leaves the connection open after an attempt with an incorrect password, which makes it easier for remote attackers to guess the password by observing the connection state, a different vulnerability than CVE-2
Sources: nvd, osv

CVE-2003-0695 | P4 | HIGH | CVSS 7.5 | ≤ 3.7.1 | 2003-10-06
CVE-2003-0695 [HIGH]: Multiple "buffer management errors" in OpenSSH before 3.7.1 may allow attackers to cause a denial of service or execute arbitrary code using (1) buffer_init in buffer.c, (2) buffer_free in buffer.c, or (3) a separate function in channels.c, a different vulnerability than CVE-2003-0693.
Sources: nvd, osv

CVE-2001-1507 | P4 | HIGH | CVSS 7.5 | v3.0, v3.0p1 | 2001-12-31
CVE-2001-1507 [HIGH]: OpenSSH before 3.0.1 with Kerberos V enabled does not properly authenticate users, which could allow remote attackers to login unchallenged.
Sources: nvd, osv

CVE-2001-1459 | P4 | HIGH | CVSS 7.5 | v2.1, v2.1.1 +6 more | 2001-06-19
CVE-2001-1459 [HIGH]: OpenSSH 2.9 and earlier does not initiate a Pluggable Authentication Module (PAM) session if commands are executed with no pty, which allows local users to bypass resource limits (rlimits) set in pam.d.
Sources: nvd, osv

CVE-2000-1169 | P4 | HIGH | CVSS 7.5 | v2.2 | 2001-01-09
CVE-2000-1169 [HIGH]: OpenSSH SSH client before 2.3.0 does not properly disable X11 or agent forwarding, which could allow a malicious SSH server to gain access to the X11 display and sniff X11 events, or gain access to the ssh-agent.
Source: nvd

CVE-2001-0816 | P4 | HIGH | CVSS 7.5 | ≤ 2.9.9 | 2001-12-06
CVE-2001-0816 [HIGH]: OpenSSH before 2.9.9, when running sftp using sftp-server and using restricted keypairs, allows remote authenticated users to bypass authorized_keys2 command= restrictions using sftp commands.
Source: nvd

CVE-2001-1585 | P4 | MEDIUM | CVSS 6.8 | v2.3.1 | 2001-12-31
CVE-2001-1585 [MEDIUM] CWE-287: SSH protocol 2 (aka SSH-2) public key authentication in the development snapshot of OpenSSH 2.3.1, available from 2001-01-18 through 2001-02-08, does not perform a challenge-response step to ensure that the client has the proper private key, which allows remote attackers to bypass authentication as other users by supplying a public key from that user'
Source: nvd

CVE-2008-1657 | P4 | MEDIUM | CVSS 6.5 | v4.4, v4.4p1 +4 more | 2008-04-02
CVE-2008-1657 [MEDIUM] CWE-264: OpenSSH 4.4 up to versions before 4.9 allows remote authenticated users to bypass the sshd_config ForceCommand directive by modifying the .ssh/rc session file.
Sources: nvd, osv

CVE-2015-6563 | P4 | MEDIUM | CVSS 6.4 | ≤ 6.9 | 2015-08-24
CVE-2015-6563 [MEDIUM] CWE-20: The monitor component in sshd in OpenSSH before 7.0 on non-OpenBSD platforms accepts extraneous username data in MONITOR_REQ_PAM_INIT_CTX requests, which allows local users to conduct impersonation attacks by leveraging any SSH login access in conjunction with control of the sshd uid to send a crafted MONITOR_REQ_PWNAM request, related to monitor.c and
Sources: nvd, osv

CVE-2006-5052 | P4 | MEDIUM | CVSS 5.0 | v1.2, v1.2.1 +54 more | 2006-09-27
CVE-2006-5052 [MEDIUM]: Unspecified vulnerability in portable OpenSSH before 4.4, when running on some platforms, allows remote attackers to determine the validity of usernames via unknown vectors involving a GSSAPI "authentication abort."
Sources: nvd, osv

CVE-2006-4925 | P4 | MEDIUM | CVSS 5.0 | v4.5 | 2006-09-29
CVE-2006-4925 [MEDIUM]: packet.c in ssh in OpenSSH allows remote attackers to cause a denial of service (crash) by sending an invalid protocol sequence with USERAUTH_SUCCESS before NEWKEYS, which causes newkeys[mode] to be NULL.
Sources: nvd, osv

CVE-2003-0787 | P4 | HIGH | CVSS 7.5 | v3.7.1, v3.7.1p1 | 2003-11-17
CVE-2003-0787 [HIGH]: The PAM conversation function in OpenSSH 3.7.1 and 3.7.1p1 interprets an array of structures as an array of pointers, which allows attackers to modify the stack and possibly gain privileges.
Sources: nvd, osv

CVE-2006-0225 | P4 | MEDIUM | CVSS 4.6 | v3.0, v3.0.1 +31 more | 2006-01-25
CVE-2006-0225 [MEDIUM]: scp in OpenSSH 4.2p1 allows attackers to execute arbitrary commands via filenames that contain shell metacharacters or spaces, which are expanded twice.
Sources: nvd, osv

CVE-2001-1380 | P4 | HIGH | CVSS 7.5 | ≤ 2.9.9 | 2001-10-18
CVE-2001-1380 [HIGH]: OpenSSH before 2.9.9, while using keypairs and multiple keys of different types in the ~/.ssh/authorized_keys2 file, may not properly handle the "from" option associated with a key, which could allow remote attackers to login from unauthorized IP addresses.
Source: nvd

CVE-2002-0765 | P4 | HIGH | CVSS 7.5 | v3.2.2 | 2002-08-12
CVE-2002-0765 [HIGH]: sshd in OpenSSH 3.2.2, when using YP with netgroups and under certain conditions, may allow users to successfully authenticate and log in with another user's password.
Sources: nvd, osv

CVE-2006-0883 | P4 | MEDIUM | CVSS 5.0 | v3.8.1p1 | 2006-03-07
CVE-2006-0883 [MEDIUM] CWE-399: OpenSSH on FreeBSD 5.3 and 5.4, when used with OpenPAM, does not properly handle when a forked child process terminates during PAM authentication, which allows remote attackers to cause a denial of service (client connection refusal) by connecting multiple times to the SSH server, waiting for the password prompt, then disconnecting.
Sources: nvd, osv

CVE-2001-1382 | P4 | MEDIUM | CVSS 5.0 | ≤ 2.9.9p2 | 2001-09-27
CVE-2001-1382 [MEDIUM]: The "echo simulation" traffic analysis countermeasure in OpenSSH before 2.9.9p2 sends an additional echo packet after the password and carriage return is entered, which could allow remote attackers to determine that the countermeasure is being used.
Source: nvd

CVE-2023-51384 | P4 | MEDIUM | CVSS 5.5 | ≥ 8.9, < 9.6 | 2023-12-18
CVE-2023-51384 [MEDIUM] CWE-284: In ssh-agent in OpenSSH before 9.6, certain destination constraints can be incompletely applied. When destination constraints are specified during addition of PKCS#11-hosted private keys, these constraints are only applied to the first key, even if a PKCS#11 token returns multiple keys.
Sources: nvd, osv

CVE-2001-0872 | P4 | HIGH | CVSS 7.2 | ≤ 3.0.1 | 2001-12-21
CVE-2001-0872 [HIGH]: OpenSSH 3.0.1 and earlier with UseLogin enabled does not properly cleanse critical environment variables such as LD_PRELOAD, which allows local users to gain root privileges.
Source: nvd

CVE-2016-10011 | P4 | MEDIUM | CVSS 6.2 | ≤ 7.3 | 2017-01-05
CVE-2016-10011 [MEDIUM] CWE-320: authfile.c in sshd in OpenSSH before 7.4 does not properly consider the effects of realloc on buffer contents, which might allow local users to obtain sensitive private-key information by leveraging access to a privilege-separated child process.
Sources: nvd, osv